Masking of privacy related information for network services

This application is a Submission Under 35 U.S.C. § 371 for U.S. National Stage Patent Application of International Application Number: PCT/EP2021/072936, filed Aug. 18, 2021 entitled “MASKING OF PRIVACY RELATED INFORMATION FOR NETWORK SERVICES,” the entirety of which is incorporated herein by reference.

The present application relates to a method for operating a service consumer and for operating a service provider. The invention furthermore relates to the corresponding service provider and service consumer. Further, a computer program and a carrier comprising the computer program is provided and a system comprising the service provider and service consumer.

5G Standard introduced the possibility to request several services offered based on the availability of UE-related information, such as location. As example, the Network Data Analytics Function (NWDAF, defined in 3GPP TS 23.288) is a network function introduced in 5G core network to provide analytics (including AI-based ones) to several consumers, these being other network functions of the core network (e.g., AMF (Access and Mobility Management Function), SMF (Session Management Function) or service-related functions such as Application Function (AF) and consequently application layer. Considering 3GPP TS 23.288, the following analytics deal with location information:

It should be understood that other network services, in addition to those provided by NWDAF, could also rely on information such as geographical location of UEs and similar types of information.

On top of NWDAF related standardization, 3GPP is also focused on RAN-centric data collection for mobility optimization use-cases as described in 37.816 section 5.3.

3GPP TR 22.874 is investigating aspects related to traffic characteristics and performance requirements for AI/ML (Artificial Intelligence/Machine Learning) model transfer in a 5GS (5G System). Section 7 focuses on distributed/federated learning over 5G system. The current state-of-the-art considers federated learning as a novel machine learning tool that competes with regular ML methods that train on large aggregations of data collected over multiple data sources.

shows an architectural overview of a system with federated learning. Different clients/UEstohave corresponding Machine learning modulestoin order to train locally trained modelsto. The modelstoare uploaded to a central serverwhich is configured to generate an aggregated model.

When looking at evolutions of 5G systems, e.g. beyond 5G networks or even 6G, an increase in terms of usage of AI/ML-based services is expected and there will be many AI/ML services leveraging on privacy-related information as inputs or features for their AI/ML models. When considering evolutions towards beyond 5G, the following points should be considered:

When it comes to information exchanges among actors involved in a network procedure, current procedures define how such information should be structured and of course encrypted, but how to handle such information is based on the assumption that there is an SLA (Service Level Agreement) covering the provisioning of privacy-related information such as geographical position of UE, timestamp associated to a certain geographical position, planned route, etc. When extending these services to mass markets, privacy-related implications start to raise. For example, in an automotive context, even if there is an SLA between e.g. a car manufacturer and a network operator to cover the exchange of UE location information for a service like QoS Sustainability Analytics, the actual sharing of the in-vehicle UE location information might be subject to user (i.e., driver, passengers) consent. If the consent is not given, the network operator cannot provide the service. While it might not be a problem for a user to given consent to the car manufacture to use the vehicle location, it might be less obvious that a user will also give consent for vehicle location to be used by “another actor” such as a network operator.

Accordingly, a need exists to overcome the above-mentioned problems and to be able to effectively protect privacy-related information when consuming a network service where a privacy-related information is necessary.

This need is met by the features of the independent claims. Further aspects are described in the dependent claims.

According to a first aspect a method for operating a service consumer is provided which is requesting to utilize a network service provided by a service provider in a cellular network. The method comprises the steps at the service consumer to transmit a service request to the service provider, wherein the service request comprises a privacy indication indicating that a privacy related information necessary as input for the network service is requested to be privacy protected when used outside the service consumer. Furthermore, the service consumer receives a service response from the service provider, wherein the service response comprises a privacy model and an indication how to use the privacy model. The service consumer then processes the privacy model at the service consumer based on the indication.

Furthermore, the corresponding service consumer is provided comprising a memory and at least one processing unit, wherein the memory contains instructions executable by the at least one processing unit. The service consumer is operative to work as mentioned above or as discussed in further detail below.

As an alternative the service consumer comprises a first module configured to transmit the service request to the service provider which comprises the privacy indication indicating that a privacy-related information necessary as input for the network service is requested to be privacy protected when used outside the service consumer. A second module is configured to receive the service response from the service provider which comprises a privacy model and the indication how to use the privacy model. A third module of the service consumer is configured to process the privacy model based on the indication.

With the privacy indication and the received privacy model it is possible to make sure that the privacy-related information is privacy protected when it is used outside the service consumer. Accordingly, the service consumer can determine and control how the privacy-related information is used in the network.

Furthermore, the method for operating the service provider is provided which is configured to provide a network service in the cellular network. The service provider receives the service request from the service consumer which is configured to utilize the network service, wherein the service request comprises the privacy indication indicating that the privacy-related information necessary as input for the network service is requested to be privacy protected when used outside the service consumer. The service provider selects a privacy model for the service consumer taking into account the privacy indication and determines how the selected privacy model should be used at the service consumer. Furthermore, a service response is transmitted to the service consumer wherein the service response comprises the selected privacy model and the indication how to use the selected privacy model at the service consumer.

In addition, the corresponding service provider is provided comprising a memory and at least one processing unit, wherein the memory contains instructions executable by the at least one processing unit. The service consumer is operative to work as discussed above or as discussed in further detail below.

As an alternative, the service provider comprises a first module configured to receive the service request from the service consumer which comprises the privacy indication for the privacy-related information. The service provider comprises a second module configured to select the privacy model for service consumer taking into account the privacy indication, a third module configured to determine how to use the selected privacy model at the service consumer and a fourth module configured to transmit a service response to the service consumer which comprises the selected privacy model and the indication how to use the privacy model at the service consumer.

The service provider can make sure that the request of the service consumer is respected and that the privacy model helps to obtain the protection of the privacy-related information.

Furthermore, a system is provided comprising the service provider and the service consumer.

Additionally, a computer program comprising program code is provided, wherein execution of the program code causes the at least one processing unit to execute a method as discussed above or as explained above or in more detail below

A carrier comprising the computer program is provided, wherein the carrier is one of an electronic signal, optical signal, radio signal, or computer readable storage medium.

It is to be understood that the features mentioned above and features yet to be explained below can be used not only in the respective combinations indicated, but also in other combinations or in isolation without departing from the scope of the present invention. Features of the above-mentioned aspects and embodiments described below may be combined with each other in other embodiments unless explicitly mentioned otherwise.

In the following, embodiments of the invention will be described in detail with reference to the accompanying drawings. It is to be understood that the following description of embodiments is not to be taken in a limiting sense. The scope of the invention is not intended to be limited by the embodiments described hereinafter or by the drawings, which are to be illustrative only.

The drawings are to be regarded as being schematic representations, and elements illustrated in the drawings are not necessarily shown to scale. Rather, the various elements are represented such that their function and general purpose becomes apparent to a person skilled in the art. Any connection or coupling between functional blocks, devices, components of physical or functional units shown in the drawings and described hereinafter may also be implemented by an indirect connection or coupling. A coupling between components may be established over a wired or wireless connection. Functional blocks may be implemented in hardware, software, firmware, or a combination thereof.

Within the context of the present application, the term “mobile entity” or “user equipment” (UE) refers to a device for instance used by a person (i.e. a user) for his or her personal communication. It can be a telephone type of device, for example a telephone or a Session Initiating Protocol (SIP) or Voice over IP (VoIP) phone, cellular telephone, a mobile station, cordless phone, or a personal digital assistant type of device like laptop, notebook, notepad, tablet equipped with a wireless data connection. The UE may also be associated with non-humans like animals, plants, or machines. A UE may be equipped with a SIM (Subscriber Identity Module) or electronic-SIM comprising unique identities such as IMSI (International Mobile Subscriber Identity), TMSI (Temporary Mobile Subscriber Identity), or GUTI (Globally Unique Temporary UE Identity) associated with the user using the UE. The presence of a SIM within a UE customizes the UE uniquely with a subscription of the user.

For the sake of clarity, it is noted that there is a difference but also a tight connection between a user and a subscriber. A user gets access to a network by acquiring a subscription to the network and by that becomes a subscriber within the network. The network then recognizes the subscriber (e.g. by IMSI, TMSI or GUTI or the like) and uses the associated subscription to identify related subscriber data. A user is the actual user of the UE, and the user may also be the one owning the subscription, but the user and the owner of the subscription may also be different. E.g. the subscription owner may be the parent, and the actual user of the UE could be a child of that parent.

The solution discussed below covers the following aspects:

Furthermore, it enables service availability at either the service provider or consumer sides (or both) without requiring explicit transfer of privacy-related information.

A mobile/cellular network is extended with the capability of providing a privacy model to a service consumer. For a service consumer who wants to access a certain network service that requires a privacy-related information as input/features, the solution discussed below introduces procedures that allow the service consumer to indicate its desire in masking its privacy-related information. Based on such request (jointly with other inputs), the mobile network will select and provide to the consumer the adequate privacy model. Depending on the selected privacy model, the consumer could directly use the outputs of the privacy model to predict the required service or signal the output information of such privacy model (e.g., outputs of the privacy model after inference) in a subsequent network service request to the mobile network. In the first option the privacy related information is only used at the service consumer and the privacy model comprises a service model which directly provides the requested network service. In the second option the privacy model comprises a protection model which receives as input the privacy related information without privacy protection, the model generating a privacy protected output which is sent to the service provider, where the privacy protected information is used to provide the requested service. The service provider is a functionality within the cellular network, i.e. a network service provider and not necessarily a service provider such as google etc. The solution below can be considered as a core/key enabler for applications where a UE cannot send its information (e.g., location, due to privacy reason) to a cellular network, the radio access part, e.g. the gNB to obtain any service (e.g., QoS prediction information).

In the present disclosure, Network Service means a service offered by a mobile/cellular network which is desired to be accessed by a given consumer but which requires some privacy-related information (e.g., UE location, UE trajectory, etc.) in order to be executed. The Network Service is offered by the Service provider, which might be a NF of a mobile core network, or another network entity such as a gNB. For example, Network services might include, but not limited to, services provided by NWDAF such as QoS Sustainability Analytics, Observed Service Experience Analytics, NF load Analytics, UE mobility Analytics, DN Performance Analytics. Please note that the service per-se might be provided by a different entity than the entity which exposes the service output to the final consumer, e.g., a service might be offered by e.g. NWDAF or AMF or SMF but a consumer might interact with e.g. a NEF (Network exposure Function) and/or a VAE server to retrieve the service.

In the present disclosure, Service consumer refers to the entity which is in charge of interacting with the network to request one or more network services. The service consumer might differ depending on which network service is desired to be accessed, examples might include but are not limited to,

There might be cases where there are separate service consumers for accessing a network service and a privacy service.

In the following an embodiment is discussed in connection within more detail.

A procedure for a privacy network service (PNS) is discussed where a service consumerwhich intends to use a certain network service involving the exchange of privacy-related information, requires the privacy service to a service providerto enable the desired network service while meeting privacy concerns. The high-level steps are described as in illustrated in:

Step S: The Service consumer sends a Privacy Service Request (PSreq) to a service provider indicating the desired network service including filter information and a privacy class as privacy information. PSreq indicates that the SC (Service Consumer) requires its information to be protected when accessing a certain network service. Such request contains, but not limited to,

Step S: The service provider, based on the information included in the Privacy Service Request, selects a privacy model which is relevant to the required privacy class indicated in the request.

Step S: The service provider sends a Privacy Service Response (PSres) to the service consumer which includes

Step S: The service consumer processes the response PSres which includes the privacy model and some indications including that on how to use the outputs of the privacy model. Processing includes, but not limited to, updating the privacy model, send the updated version back to network, or configuring the usage of the privacy based on the information included in the response.

Step S: The service consumer may optionally update the privacy model or not depending on the indication sent by PSres. The local update of the sent privacy model should be done before step S. However, if the PSres indicated to send the locally updated model, then the transmission could occur at any step after the update.

Step S: The service consumer directly uses the privacy model (Case S) or determines whether the service consumer should continue with a Network Service Request (Case S). Case a—the privacy model provided by the service provider in step Sincludes the service model including the Network Service requested by the service consumer. In this case, when running the privacy model, the consumer provides as input the privacy-related information and the other information requested by the network service. The output of the model is the desired network service. So, for this case, the following step is:

S: The service consumer(after injecting the privacy-related information to the privacy model) directly uses the outputs of the privacy model, which includes the network service, provided by the service provider.

Case b—the privacy model as received comprises a protection model which helps to protect the privacy related information provided by the service consumer by generating an output to be included by the service consumer when requesting the desired Network Service. So, for this case, the following steps are:

S. The service consumer sends a Network Service Request including the outputs of the privacy model as input information of the request (in addition to the other information which are associated to the Network service). The privacy related information is determined with privacy protection as an encoded latent variable output by an encoder part which is included in the protection model sent in step S.

(case-b) Step S: The service providerprocesses the request, and uses the outputs of the privacy model as inputs (together with the other inputs associated to the service and provided in the request) to provide the desired service.

(case-b) Step S: The service providerprovides the Network service response to service consumer. This step is the same step as in the legacy network service response (i.e., without usage of the privacy service). This updated model is for use in next requests and hence can be aggregated with the existing models.

Step S: Following step S, the service consumer might be requested to send the updated privacy-model to the network, if requested in the indication at PSres, which is processed in step-. This could be done at any point of time after the local update in step S.

After this high level description of the process, the different steps and the information exchanged is discussed in more detail.

S: PSres

Frist of all, the transmitted service request of step Sthe signal PSres is discussed in more detail: